The branch "FRAMEWORK_5_2" has been updated. The following is a summary of the commits.
from: 6110f22d14a4920214ce172b0f0e76d007a3db56 bc53d85 Don't trust input data when factoring driver from configuration array instead of string. 69f6788 Fix virtual address books. 75d223b [jan] SECURITY: Fix remote code execution by an unserialization attack (CVE-2022-30287). Summary: https://github.com/horde/turba/compare/6110f22d14a4...75d223b5280e ----------------------------------------------------------------------- commit bc53d856ca87656cdc6e5fafd54f2360eb247e24 Author: Jan Schneider <[email protected]> Date: Tue, 07 Jun 2022 00:39:52 +0200 Don't trust input data when factoring driver from configuration array instead of string. M bin/turba-import-openxchange M lib/Api.php M lib/Application.php M lib/Driver/Share.php M lib/Factory/Driver.php M lib/Turba.php https://github.com/horde/turba/commit/bc53d856ca87656cdc6e5fafd54f2360eb247e24 ----------------------------------------------------------------------- commit 69f67882539aa0909c3c8c15e37407e0aaa18d1c Author: Jan Schneider <[email protected]> Date: Tue, 07 Jun 2022 00:40:06 +0200 Fix virtual address books. M lib/Driver/Vbook.php M lib/Factory/Driver.php https://github.com/horde/turba/commit/69f67882539aa0909c3c8c15e37407e0aaa18d1c ----------------------------------------------------------------------- commit 75d223b5280e76ae3d5cae835efb59c4f0d087f1 Author: Jan Schneider <[email protected]> Date: Tue, 07 Jun 2022 00:45:02 +0200 [jan] SECURITY: Fix remote code execution by an unserialization attack (CVE-2022-30287). M docs/changelog.yml https://github.com/horde/turba/commit/75d223b5280e76ae3d5cae835efb59c4f0d087f1 -- commits mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: [email protected]
